id	summary	reporter	owner	description	type	status	priority	milestone	component	version	severity	resolution	keywords	cc
19617	Use maybe_unserialize() for HTTP requests	nacin		"In a few cases, we use this convention: `unserialize( wp_remote_retrieve_body( $response ) )`. When the request fails, unserialize() gets an empty string, and that's no good.

I see this one every so often: Notice: unserialize(): Error at offset 0 of 11 bytes in /Users/nacin/Sites/beta/wp-includes/update.php on line 288

These are all of the unserialize() calls in core. Let's move all of them to maybe_unserialize() unless there is a good reason to keep them at unserialize() —

{{{
./wp-admin/includes/dashboard.php:1250:		$response = unserialize( wp_remote_retrieve_body( $response ) );
./wp-admin/includes/plugin-install.php:48:			$res = unserialize( wp_remote_retrieve_body( $request ) );
./wp-admin/includes/theme.php:413:			$res = unserialize( wp_remote_retrieve_body( $request ) );
./wp-admin/includes/upgrade.php:1090:				if ( !@unserialize( $value ) )
./wp-admin/includes/upgrade.php:1242:				if ( !@unserialize( $value ) )
./wp-admin/includes/upgrade.php:1406:	@ $kellogs = unserialize($option);
./wp-includes/ms-functions.php:848:	$meta = unserialize($signup->meta);
./wp-includes/update.php:188:	$response = unserialize( wp_remote_retrieve_body( $raw_response ) );
./wp-includes/update.php:288:	$response = unserialize( wp_remote_retrieve_body( $raw_response ) );
./wp-includes/user.php:886:			$b_roles = unserialize($caps_meta);
}}}"	defect (bug)	closed	normal	3.4	Warnings/Notices		normal	fixed	has-patch dev-feedback	JustinSainton